[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #214212 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Nov 17 14:13:11 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Friday, November 17, 2023 2:13:06 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #214212 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 214212

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total              Src IP
-----------------------------------------------------
  1278300        4261         6.5%        52.107.243.4
   825600        2752         4.2%      209.85.137.254
   721800        2406         3.7%         31.13.84.52
   376500        1255         1.9%       163.70.147.63
   254700         849         1.3%         31.13.84.51
   253500         845         1.3%     142.250.180.174
   242400         808         1.2%          31.13.84.4
   217800         726         1.1%        3.160.196.80
   209100         697         1.1%       128.139.200.5
   207600         692         1.1%   2001:bf8:900:7::4

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total              Dst IP
-----------------------------------------------------
  3846000       12820        19.7%        132.74.6.143
  3844500       12815        19.7%          132.68.1.2
  3774900       12583        19.3%        132.68.239.9
  3696600       12322        18.9%          132.68.1.9
  1438500        4795         7.4%     128.139.225.245
  1417800        4726         7.2%       192.114.3.241
   547800        1826         2.8%        128.139.35.5
   498300        1661         2.5%      128.139.200.60
   451500        1505         2.3%      128.139.34.240
   353400        1178         1.8%   2001:bf8:100:1::2

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                             128.139.225.245                 1400708100
                       443   128.139.225.245                 1274701500
    31.13.84.52        443                                    881657400
    31.13.84.52                                               881657400
  163.70.147.63        443                                    466201200
  163.70.147.63                                               466201200
                              192.114.91.211                  357287700
                       443    192.114.91.211                  337336500
   3.160.196.80        443                                    318210900
   3.160.196.80                                   56286       318210900

Further Details:
https://primary.nemo.geant.org/alerts/details/214212/

